| blob | 877f73221d1eaddd92c7637b017c54374a653e7f |
1 --- hpn-ssh-hpn-18.4.2/readconf.c.orig
2 +++ hpn-ssh-hpn-18.4.2/readconf.c
3 @@ -168,6 +168,9 @@
4 oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
5 oSendEnv, oSetEnv, oControlPath, oControlMaster, oControlPersist,
6 oHashKnownHosts,
7 +#ifdef DISABLE_BANNER
8 + oDisableBanner,
9 +#endif
10 oTunnel, oTunnelDevice,
11 oLocalCommand, oPermitLocalCommand, oRemoteCommand,
12 oTcpRcvBufPoll, oHPNDisabled,
13 @@ -298,6 +301,9 @@
14 { "controlpersist", oControlPersist },
15 { "hashknownhosts", oHashKnownHosts },
16 { "include", oInclude },
17 +#ifdef DISABLE_BANNER
18 + { "disablebanner", oDisableBanner },
19 +#endif
20 { "tunnel", oTunnel },
21 { "tunneldevice", oTunnelDevice },
22 { "localcommand", oLocalCommand },
23 @@ -1039,6 +1045,17 @@
24 return -1;
25 }
27 +#ifdef DISABLE_BANNER
28 +static const struct multistate multistate_disablebanner[] = {
29 + { "true", SSH_DISABLEBANNER_YES },
30 + { "false", SSH_DISABLEBANNER_NO },
31 + { "yes", SSH_DISABLEBANNER_YES },
32 + { "no", SSH_DISABLEBANNER_NO },
33 + { "in-exec-mode", SSH_DISABLEBANNER_INEXECMODE },
34 + { NULL, -1 }
35 +};
36 +#endif
37 +
38 /*
39 * Processes a single option line as used in the configuration files. This
40 * only sets those values that have not already been set.
41 @@ -2455,6 +2472,13 @@
42 }
43 break;
45 +#ifdef DISABLE_BANNER
46 + case oDisableBanner:
47 + intptr = &options->disable_banner;
48 + multistate_ptr = multistate_disablebanner;
49 + goto parse_multistate;
50 +#endif
51 +
52 case oDeprecated:
53 debug("%s line %d: Deprecated option \"%s\"",
54 filename, linenum, keyword);
55 @@ -2703,6 +2727,9 @@
56 options->stdin_null = -1;
57 options->fork_after_authentication = -1;
58 options->proxy_use_fdpass = -1;
59 +#ifdef DISABLE_BANNER
60 + options->disable_banner = -1;
61 +#endif
62 options->ignored_unknown = NULL;
63 options->num_canonical_domains = 0;
64 options->num_permitted_cnames = 0;
65 @@ -2937,6 +2964,10 @@
66 options->canonicalize_fallback_local = 1;
67 if (options->canonicalize_hostname == -1)
68 options->canonicalize_hostname = SSH_CANONICALISE_NO;
69 +#ifdef DISABLE_BANNER
70 + if (options->disable_banner == -1)
71 + options->disable_banner = 0;
72 +#endif
73 if (options->fingerprint_hash == -1)
74 options->fingerprint_hash = SSH_FP_HASH_DEFAULT;
75 #ifdef ENABLE_SK_INTERNAL
76 --- hpn-ssh-hpn-18.4.2/readconf.h.orig
77 +++ hpn-ssh-hpn-18.4.2/readconf.h
78 @@ -197,6 +197,9 @@
79 u_int num_channel_timeouts;
81 char *ignored_unknown; /* Pattern list of unknown tokens to ignore */
82 +#ifdef DISABLE_BANNER
83 + int disable_banner; /* Disable display of banner */
84 +#endif
85 } Options;
87 #define SSH_PUBKEY_AUTH_NO 0x00
88 @@ -242,6 +245,12 @@
89 #define SSH_KEYSTROKE_CHAFF_MIN_MS 1024
90 #define SSH_KEYSTROKE_CHAFF_RNG_MS 2048
92 +#ifdef DISABLE_BANNER
93 +#define SSH_DISABLEBANNER_NO 0
94 +#define SSH_DISABLEBANNER_YES 1
95 +#define SSH_DISABLEBANNER_INEXECMODE 2
96 +#endif
97 +
98 const char *kex_default_pk_alg(void);
99 char *ssh_connection_hash(const char *thishost, const char *host,
100 const char *portstr, const char *user, const char *jump_host);
101 --- hpn-ssh-hpn-18.4.2/hpnssh_config.5.orig
102 +++ hpn-ssh-hpn-18.4.2/hpnssh_config.5
103 @@ -723,6 +723,14 @@
104 then the backgrounded master connection will automatically terminate
105 after it has remained idle (with no client connections) for the
106 specified time.
107 +.It Cm DisableBanner
108 +If set to yes, disables the display of the banner message.
109 +If set to in-exec-mode, disables the display of banner message when in remote
110 +command mode only.
111 +.Pp
112 +The default value is no, which means that the banner is displayed unless the
113 +log level is QUIET, FATAL, or ERROR. See also the Banner option in
114 +.Xr sshd_config 4 . This option applies to protocol version 2 only.
115 .It Cm DynamicForward
116 Specifies that a TCP port on the local machine be forwarded
117 over the secure channel, and the application
118 --- hpn-ssh-hpn-18.4.2/sshconnect2.c.orig
119 +++ hpn-ssh-hpn-18.4.2/sshconnect2.c
120 @@ -85,6 +85,10 @@
121 extern char *server_version_string;
122 extern Options options;
124 +#ifdef DISABLE_BANNER
125 +extern struct sshbuf *command;
126 +#endif
127 +
128 /*
129 * tty_flag is set in ssh.c. Use this in ssh_userauth2:
130 * if it is set, then prevent the switch to the null cipher.
131 @@ -621,8 +625,28 @@
132 if ((r = sshpkt_get_cstring(ssh, &msg, &len)) != 0 ||
133 (r = sshpkt_get_cstring(ssh, NULL, NULL)) != 0)
134 goto out;
135 - if (len > 0 && options.log_level >= SYSLOG_LEVEL_INFO)
136 - fmprintf(stderr, "%s", msg);
137 +#ifdef DISABLE_BANNER
138 + /*
139 + * Banner is a warning message according to RFC 4252. So, never print
140 + * a banner in error log level or lower. If the log level is higher,
141 + * use DisableBanner option to decide whether to display it or not.
142 + */
143 + if (len > 0 && options.log_level >= SYSLOG_LEVEL_INFO &&
144 + (options.disable_banner == SSH_DISABLEBANNER_NO ||
145 + (options.disable_banner == SSH_DISABLEBANNER_INEXECMODE &&
146 + sshbuf_len(command) == 0))) {
147 +#else
148 + if (len > 0 && options.log_level >= SYSLOG_LEVEL_INFO) {
149 +#endif
150 + char *safe;
151 +
152 + if (len > 65536)
153 + len = 65536;
154 + safe = xmalloc(len * 4 + 1); /* max expansion from strnvis() */
155 + strnvis(safe, msg, len * 4 + 1, VIS_SAFE|VIS_OCTAL|VIS_NOSLASH);
156 + fmprintf(stderr, "%s", safe);
157 + free(safe);
158 + }
159 r = 0;
160 out:
161 free(msg);